Message-ID: <10eddab8-ebc3-083d-f912-d4aebcf9f9e6@ssi.bg>
Date: Thu, 21 Nov 2024 17:23:56 +0200 (EET)
From: Julian Anastasov <ja@....bg>
To: Jinghao Jia <jinghao7@...inois.edu>
cc: Simon Horman <horms@...ge.net.au>, Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Bill Wendling <morbo@...gle.com>,
        Justin Stitt <justinstitt@...gle.com>, Kees Cook <kees@...nel.org>,
        netdev@...r.kernel.org, lvs-devel@...r.kernel.org,
        netfilter-devel@...r.kernel.org, coreteam@...filter.org,
        linux-kernel <linux-kernel@...r.kernel.org>, llvm@...ts.linux.dev,
        kernel test robot <lkp@...el.com>, Ruowen Qin <ruqin@...hat.com>
Subject: Re: [PATCH] ipvs: fix UB due to uninitialized stack access in
 ip_vs_protocol_init()


	Hello,

On Tue, 19 Nov 2024, Jinghao Jia wrote:

> On 11/18/24 6:41 AM, Julian Anastasov wrote:
> > 
> > On Mon, 11 Nov 2024, Jinghao Jia wrote:
> > 
> >> Under certain kernel configurations when building with Clang/LLVM, the
> >> compiler does not generate a return or jump as the terminator
> >> instruction for ip_vs_protocol_init(), triggering the following objtool
> >> warning during build time:
> >>
> >>   vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6()
> >>
...
> >> This gives later passes (SCCP, in particular) to more DCE opportunities
> 
> One small request: if you could help us remove the extra "to" in the above
> sentence when committing this patch, it would be great.
> 
...
> > 	Looks good to me, thanks! I assume it is for
> > net-next/nf-next, right?
> 
> I am actually not familiar with the netfilter trees. IMHO this should also be
> back-ported to the stable kernels -- I wonder if net-next/nf-next is a good
> tree for this?

	Then maybe it is better to send [PATCHv2 net] after fixing
the above "to" and selecting a proper commit for a Fixes line (probably
the initial commit 1da177e4c3f4?).

> >> -	char protocols[64];
> >> +	char protocols[64] = { 0 };
> >>  #define REGISTER_PROTOCOL(p)			\
> >>  	do {					\
> >>  		register_ip_vs_protocol(p);	\
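
Review bot: the new initializer in `char protocols[64] = { 0 };` has no comment explaining why the whole buffer must be zeroed, so it reads like a redundant initialization that a later cleanup could turn back into single-byte stores. A one-line comment above the declaration, saying that the buffer has to be fully initialized before the strcat() calls in REGISTER_PROTOCOL(), would keep the fix from being undone.
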
> >> @@ -348,8 +348,6 @@ int __init ip_vs_protocol_init(void)
> >>  		strcat(protocols, (p)->name);	\
> >>  	} while (0)
> >>  
> >> -	protocols[0] = '\0';
> >> -	protocols[2] = '\0';
> >>  #ifdef CONFIG_IP_VS_PROTO_TCP
> >>  	REGISTER_PROTOCOL(&ip_vs_protocol_tcp);
> >>  #endif
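
Review bot: with `protocols[0] = '\0';` and `protocols[2] = '\0';` removed, the context line `strcat(protocols, (p)->name);` is still an unbounded append into the 64-byte array declared in the first hunk. This patch does not introduce that, but since the function is being changed for memory-safety reasons, a bounded append sized with sizeof(protocols), or a build-time check on the combined name lengths, would be a reasonable follow-up.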

Regards

--
Julian Anastasov <ja@....bg>

